ERR_BLOCKED_BY_XSS_AUDITOR can not edit posts

Quote

Post by ideep13 » Mon Jun 03, 2019 11:43 pm

Hi,

I am using 2.3.0.2. OC. When I try to edit the status of the product to "On stock" and hit save I get an error ERR_BLOCKED_BY_XSS_AUDITOR or I am redirected to the missing page. I am using Chrome. It is up to date. I tried the same in Firefox, the same thing happens.

Is it some how connected with token and API?

I tried the whole new API thing but does not work for me.. I first noticed this thing when I moved to another hosting . They are saying it is nothing to do with the server, but probably with cloudfare??

If I try to edit the item it redirects me to a broken page of mine.. my site looks like this originally..
Image
but when I try to save the edited version it redirects me to this and saying The page doesn not exist, so it does not save it...

Image

I would appreciate some help.

Attachments

xss_.png

xss_.png (73.97 KiB) Viewed 3169 times

User avatar
ideep13
Active Member
Posts
283
Joined
Mon Jun 18, 2012 2:47 am
Top

Re: ERR_BLOCKED_BY_XSS_AUDITOR can not edit posts

Quote

Post by webdesires » Tue Jun 04, 2019 9:19 am

This is your browsers security feature, to disable this in the admin panel you could edit /admin/index.php and add the below at the top of the file, however exercise caution because this also then opens up your admin panel for legitimate XSS attacks so make sure your server is never compromised. Personally I feel all admin panels should deactivate XSS due to the fact of what you do with it. Just need to make sure the admin panel stays secure.

Code: Select all

header('X-XSS-Protection:0');
You could also just edit /admin/.htaccess and add:

Code: Select all

<filesMatch "\.(html|htm|js|css|php)$">
     Header unset Content-Security-Policy
     Header set X-XSS-Protection: "0"
</filesMatch>
P.S. I'm not too sure about your other issue this may not be related. please update me if that clears it up or not.
Last edited by webdesires on Wed Jun 05, 2019 6:58 pm, edited 1 time in total.

Regards, WebDesires.
We are a team of developers in the UK - professional and friendly, message us or give us a call anytime and we will be happy to help.

Phone: +44 (0) 121 318 6336 - Web: webdesires.co.uk - Skype: WebDesires
OpenCart Support - OpenCart Web Development - Our OpenCart Plugins

User avatar
webdesires
Active Member
Posts
118
Joined
Mon Sep 28, 2015 6:34 pm
Location - West Midlands, United Kingdom
Top

Re: ERR_BLOCKED_BY_XSS_AUDITOR can not edit posts

Quote

Post by ideep13 » Tue Jun 04, 2019 2:37 pm

Thank you very much for the reply.
If I choose the fist option it won't let me through the admin panel when I'm signing in.
If I choose the second option it does not work. I get redirected to broken page.
User avatar
ideep13
Active Member
Posts
283
Joined
Mon Jun 18, 2012 2:47 am
Top

Re: ERR_BLOCKED_BY_XSS_AUDITOR can not edit posts

Quote

Post by webdesires » Wed Jun 05, 2019 6:57 pm

Your server may not have the required packages or setup for this to work. However I did make a mistake with the .htaccess version, try this in your .htaccess:

Code: Select all

<filesMatch "\.(html|htm|js|css|php)$">
     Header unset Content-Security-Policy
     Header set X-XSS-Protection: "0"
</filesMatch>
Let me know if this works better or if you still get a broken admin panel.

Regards, WebDesires.
We are a team of developers in the UK - professional and friendly, message us or give us a call anytime and we will be happy to help.

Phone: +44 (0) 121 318 6336 - Web: webdesires.co.uk - Skype: WebDesires
OpenCart Support - OpenCart Web Development - Our OpenCart Plugins

User avatar
webdesires
Active Member
Posts
118
Joined
Mon Sep 28, 2015 6:34 pm
Location - West Midlands, United Kingdom
Top

Re: ERR_BLOCKED_BY_XSS_AUDITOR can not edit posts

Quote

Post by ideep13 » Mon Jun 10, 2019 3:04 pm

I opened the error logs.. and I found this:

PHP Warning: count(): Parameter must be an array or an object that implements Countable in /home/XXXXX/public_html/system/storage/modification/catalog/controller/product/product.php on line 789
User avatar
ideep13
Active Member
Posts
283
Joined
Mon Jun 18, 2012 2:47 am
Top

Re: ERR_BLOCKED_BY_XSS_AUDITOR can not edit posts

Quote

Post by ideep13 » Mon Jun 10, 2019 4:40 pm

webdesires wrote:
Wed Jun 05, 2019 6:57 pm
 Your server may not have the required packages or setup for this to work. However I did make a mistake with the .htaccess version, try this in your .htaccess:

Code: Select all

<filesMatch "\.(html|htm|js|css|php)$">
     Header unset Content-Security-Policy
     Header set X-XSS-Protection: "0"
</filesMatch>
Let me know if this works better or if you still get a broken admin panel.
I don't have a broken admin .. I am being redirected to a strange broken page after I am trying to edit one particular item..and it says The page is not found..

I added this to my .htaccess file.. but It does not help..

I than went to log files and I found out this error: 2019-06-10 6:47:19 - PHP Warning: count(): Parameter must be an array or an object that implements Countable in /home/xxxx/public_html/system/storage/modification/catalog/controller/product/product.php on line 789
User avatar
ideep13
Active Member
Posts
283
Joined
Mon Jun 18, 2012 2:47 am
Top

Re: ERR_BLOCKED_BY_XSS_AUDITOR can not edit posts

Quote

Post by webdesires » Mon Jun 10, 2019 6:59 pm

that is coming from the front-end, and nothing to worry about. Warnings will not stop your site from working.

Regards, WebDesires.
We are a team of developers in the UK - professional and friendly, message us or give us a call anytime and we will be happy to help.

Phone: +44 (0) 121 318 6336 - Web: webdesires.co.uk - Skype: WebDesires
OpenCart Support - OpenCart Web Development - Our OpenCart Plugins

User avatar
webdesires
Active Member
Posts
118
Joined
Mon Sep 28, 2015 6:34 pm
Location - West Midlands, United Kingdom
Top

Re: ERR_BLOCKED_BY_XSS_AUDITOR can not edit posts

Quote

Post by straightlight » Mon Jun 10, 2019 7:31 pm

Same as this one right? viewtopic.php?f=199&t=211540&p=754067#p754067 .

See this solution: viewtopic.php?f=199&t=211540&p=754067#p754154

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester

straightlight
Legendary Member
Posts
22391
Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON
Top

Re: ERR_BLOCKED_BY_XSS_AUDITOR can not edit posts

Quote

Post by ideep13 » Mon Jun 10, 2019 9:33 pm

Hi, I'm trying to find this file (model/module/module.php), but I don't have module folder under my admin folder.. just model. What am I missing? I am using 2.3.0.2. OC

I've changed php from 7.2. to 7.1... nothing changed..
User avatar
ideep13
Active Member
Posts
283
Joined
Mon Jun 18, 2012 2:47 am
Top

Re: ERR_BLOCKED_BY_XSS_AUDITOR can not edit posts

Quote

Post by cyclops12 » Mon Jun 10, 2019 9:56 pm

It might be model/extension/module/ etc etc
cyclops12
Expert Member
Posts
2376
Joined
Sun Sep 27, 2015 1:10 am
Top

Re: ERR_BLOCKED_BY_XSS_AUDITOR can not edit posts

Quote

Post by straightlight » Tue Jun 11, 2019 6:10 am

The OP has already provided the location: viewtopic.php?f=191&t=212065#p757069 . Since this issue is caused by an installed extension, however, contact the extension developer to resolved this issue.

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester

straightlight
Legendary Member
Posts
22391
Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON
Top

Re: ERR_BLOCKED_BY_XSS_AUDITOR can not edit posts

Quote

Post by ideep13 » Fri Jun 21, 2019 3:49 pm

i uninstalled almost each extension.. and it has nothing to do with an extension.. is it possible to find the root.. i can not edit anything on my site! I tried to update the google analytics code and after saving it i get redirected to a page that doesn'T exist again!

the code was not saved.. so I can not do anything..

on line 789 (/home/xxx/public_html/system/storage/modification/catalog/controller/product/product.php) is this code:

Code: Select all

 if (!empty($seo_categories)) {
                        $data['seo_data']['breadcrumbs'][] = array(
                            'name' => $this->config->get('config_name'),
                            'href' => $this->url->link('common/home', '', 'SSL')
                        );
User avatar
ideep13
Active Member
Posts
283
Joined
Mon Jun 18, 2012 2:47 am
Top

Re: ERR_BLOCKED_BY_XSS_AUDITOR can not edit posts

Quote

Post by ideep13 » Fri Jun 21, 2019 4:11 pm

hosting provider is saying to me that this is because i updated the php from 7.1. to 7.2...

but i reversed it now.. regarding this https://www.php.net/manual/en/function.count.php

I can't use my site at all!!!

I have just received an information that I need to debug the php?? I don't know how? Could please help me or do anyone has another solution to this?

edit: Now they turned off XSS .. and it magically works..

but I l already tried to put this code in .htaccess file.. but it didn't work..

Code: Select all

<filesMatch "\.(html|htm|js|css|php)$">
     Header unset Content-Security-Policy
     Header set X-XSS-Protection: "0"
</filesMatch>
User avatar
ideep13
Active Member
Posts
283
Joined
Mon Jun 18, 2012 2:47 am
Top

Re: ERR_BLOCKED_BY_XSS_AUDITOR can not edit posts

Quote

Post by OSWorX » Fri Jun 21, 2019 4:42 pm

As it seems, wether the Provider knows his job, nor you have a glue what to do .. correct?

Have you ever tried to make a new and clean installation - e.g. in a subfolder?
And only the Shop itself, no extensions, no custom template!
And no enabled .htaccess!
And tried it then again?

With several browsers?
And disable before their installed addins!

I am sure it will work.
Otherwise thousands of OC users would have these troubles you have.

And maybe you are using a local installed firewall or/and virus scanner?
If you will have still troubles then, disable also them - temporary.
Have seen some strange results at some clients when they have used such stupid virus solutions.

Before you have not tried a new and clean installation, I am sure nobody here can you help.

Full Stack Web Developer :: Dedicated OpenCart Development & Support DACH Region
Contact for Custom Work / Fast Support.

User avatar
OSWorX
Guru Member
Posts
7536
Joined
Mon Jan 11, 2010 10:52 pm
Location - Austria
Top

Re: ERR_BLOCKED_BY_XSS_AUDITOR can not edit posts

Quote

Post by ideep13 » Fri Jun 21, 2019 6:40 pm

I am not doing a clean install.. The provider moved the site from to another hosting provider.

this s*** worked before.. don't understand why stopped working now..
User avatar
ideep13
Active Member
Posts
283
Joined
Mon Jun 18, 2012 2:47 am
Top

Re: ERR_BLOCKED_BY_XSS_AUDITOR can not edit posts

Quote

Post by OSWorX » Fri Jun 21, 2019 7:18 pm

Do whatever you want.
But stop annoying us.

Full Stack Web Developer :: Dedicated OpenCart Development & Support DACH Region
Contact for Custom Work / Fast Support.

User avatar
OSWorX
Guru Member
Posts
7536
Joined
Mon Jan 11, 2010 10:52 pm
Location - Austria
Top

Re: ERR_BLOCKED_BY_XSS_AUDITOR can not edit posts

Quote

Post by straightlight » Fri Jun 21, 2019 7:44 pm

ideep13 wrote:
Fri Jun 21, 2019 6:40 pm
 I am not doing a clean install.. The provider moved the site from to another hosting provider.

this s*** worked before.. don't understand why stopped working now..
Not a bug. This is a user configuration issue either originating from .htaccess, config.php or admin/config.php file. If you don't have the minimum skills to fix those issues, that's no problem. You can always create a new service request in the Commercial Support section of the forum to get this fixed as a custom job or you could always re-contact the hosting provider and request to fix this issue.

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester

straightlight
Legendary Member
Posts
22391
Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON
Top

Re: ERR_BLOCKED_BY_XSS_AUDITOR can not edit posts

Quote

Post by ideep13 » Fri Jun 21, 2019 7:59 pm

OSWorX wrote:
Fri Jun 21, 2019 7:18 pm
 Do whatever you want.
But stop annoying us.

Wow, someone's got an attitude. You should consider look up to user straightlight. Such a nice, helpful soul.
User avatar
ideep13
Active Member
Posts
283
Joined
Mon Jun 18, 2012 2:47 am
Top

Re: ERR_BLOCKED_BY_XSS_AUDITOR can not edit posts

Quote

Post by ideep13 » Sat Jun 22, 2019 5:28 pm

this error escalated so far that interfered checkout process as well.. I contacted the hosting provider and he says that they totally disabled firewall for all my sites.. and I need to take care of the security and protection of the sites on my own from now on.. what does he mean? is my site now vulnerable 24/7? my site runs through cloudfare, I have changed admin folder.. i have 2.3.0.2. opencart.. do i need to update the opencart to the latest version so I can get rid of this error?
User avatar
ideep13
Active Member
Posts
283
Joined
Mon Jun 18, 2012 2:47 am
Top

Re: ERR_BLOCKED_BY_XSS_AUDITOR can not edit posts

Quote

Post by straightlight » Sat Jun 22, 2019 8:11 pm

ideep13 wrote:
Sat Jun 22, 2019 5:28 pm
 this error escalated so far that interfered checkout process as well.. I contacted the hosting provider and he says that they totally disabled firewall for all my sites.. and I need to take care of the security and protection of the sites on my own from now on.. what does he mean? is my site now vulnerable 24/7? my site runs through cloudfare, I have changed admin folder.. i have 2.3.0.2. opencart.. do i need to update the opencart to the latest version so I can get rid of this error?
When you see these types of messages, it simply means that you need to switch web hosting service since it does not require to remove a firewall and leave you on your own to protect your domain to use Opencart. Not a bug.

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester

straightlight
Legendary Member
Posts
22391
Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON
Top
Post Reply
Return to “Bug Reports”
Who is online

Users browsing this forum: No registered users and 103 guests